Fix jwt-token

management/src/services/api.js

@@ -26,7 +26,7 @@ api.interceptors.request.use(
 api.interceptors.response.use(
   (response) => response,
   (error) => {
-    console.log('🚨 API Response Error:', {
+    console.log('🚨 Management API Error:', {
       status: error.response?.status,
       statusText: error.response?.statusText,
       data: error.response?.data,
@@ -38,22 +38,45 @@ api.interceptors.response.use(
 
     if (error.response?.status === 401 || error.response?.status === 403) {
       const errorData = error.response.data;
-      console.warn('🔐 Authentication failed:', errorData?.message || 'Unknown error');
-      console.log('🔐 Error details:', {
+      const errorCode = errorData?.errorCode || errorData?.error;
+      
+      console.warn('🔐 Management Authentication Error:', {
         error: errorData?.error,
         message: errorData?.message,
+        errorCode: errorCode,
         redirectToLogin: errorData?.redirectToLogin
       });
       
+      // Show user-friendly error message based on error type
+      let userMessage = errorData?.message || 'Authentication error';
+      
+      switch (errorCode) {
+        case 'TOKEN_EXPIRED':
+          userMessage = 'Your management session has expired. Please log in again.';
+          break;
+        case 'INVALID_TOKEN':
+          userMessage = 'Invalid management authentication. Please log in again.';
+          break;
+        case 'INSUFFICIENT_PERMISSIONS':
+          userMessage = errorData.message; // Use detailed message from backend
+          break;
+        default:
+          if (errorData?.message?.includes('management token')) {
+            userMessage = 'Your management session has expired. Please log in again.';
+          }
+      }
+      
+      // Show error message (you can integrate with your notification system)
+      console.error('Management Error:', userMessage);
+      
       // Clear authentication data
-      console.log('🧹 Clearing authentication data...');
+      console.log('🧹 Clearing management authentication data...');
       localStorage.removeItem('management_token')
       localStorage.removeItem('management_user')
       
-      // Check if the backend indicates we should redirect to login
-      if (errorData?.redirectToLogin !== false) {
-        console.log('🔄 Redirecting to login page...');
-        // Use both methods to ensure redirect works
+      // Only redirect to login for authentication errors, not permission errors
+      if (error.response.status === 401 || errorData?.redirectToLogin !== false) {
+        console.log('🔄 Redirecting to management login page...');
         try {
           if (window.location.pathname !== '/login') {
             console.log('🔄 Current path:', window.location.pathname, '- redirecting...');
@@ -63,11 +86,12 @@ api.interceptors.response.use(
           }
         } catch (e) {
           console.error('Failed to redirect via location.href:', e);
-          // Fallback: try replace
           window.location.replace('/login');
         }
       } else {
-        console.log('🚫 Redirect to login disabled by backend response');
+        console.log('🚫 Permission error - not redirecting to login');
+        // For permission errors, you might want to show a modal or toast notification
+        // instead of redirecting
       }
     }
     return Promise.reject(error)